HowTo configure a single sign-on into Redmine from another App on the same server » History » Version 3
Denis Savitskiy, 2014-11-27 14:21
1 | 1 | Patrick Ludikhuyze | h1. HowTo configure a single sign-on into Redmine from another App on the same server |
---|---|---|---|
2 | 1 | Patrick Ludikhuyze | |
3 | 1 | Patrick Ludikhuyze | We had an App on our server and wanted to integrate Redmine into it. |
4 | 1 | Patrick Ludikhuyze | We configured an LDAP authentication which made it possible for users to log in with the same username and password. |
5 | 1 | Patrick Ludikhuyze | But I didn't much like them needing to log in again every time they needed to open the Redmine helpdesk/issue tracking part of our site. |
6 | 1 | Patrick Ludikhuyze | |
7 | 1 | Patrick Ludikhuyze | Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option. |
8 | 1 | Patrick Ludikhuyze | |
9 | 1 | Patrick Ludikhuyze | h3. Basic Steps |
10 | 1 | Patrick Ludikhuyze | |
11 | 1 | Patrick Ludikhuyze | * Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed) |
12 | 1 | Patrick Ludikhuyze | The same way LDAP authentication reads the info from my App's tables, I now create or update the user from my App in the Redmine user table. |
13 | 1 | Patrick Ludikhuyze | This also ensures that any modifications to user name and e-mail are properly synced to Redmine long after initial creation. |
14 | 1 | Patrick Ludikhuyze | |
15 | 1 | Patrick Ludikhuyze | * Configure Redmine to allow Autologin (Settings - Authentication) for the minimum of 1 day |
16 | 1 | Patrick Ludikhuyze | We also chose to not use Self registration but that could be site specific. |
17 | 1 | Patrick Ludikhuyze | OpenID and Rest API authentication are not required for this to work; it depends on your use of Redmine. |
18 | 1 | Patrick Ludikhuyze | |
19 | 1 | Patrick Ludikhuyze | * Configure the use of the autologin cookie in config/configuration.yml as well |
20 | 3 | Denis Savitskiy | <pre> |
21 | 3 | Denis Savitskiy | autologin_cookie_name: autologin |
22 | 3 | Denis Savitskiy | autologin_cookie_path: / |
23 | 3 | Denis Savitskiy | autologin_cookie_secure: false |
24 | 3 | Denis Savitskiy | </pre> |
25 | 1 | Patrick Ludikhuyze | |
26 | 1 | Patrick Ludikhuyze | P.S. I tried renaming the cookie without immediate success, but it wasn't too important for me to use another cookie name, so I didn't pursue it further. |
27 | 1 | Patrick Ludikhuyze | |
28 | 1 | Patrick Ludikhuyze | * Delete existing autologin token from Redmine DB |
29 | 3 | Denis Savitskiy | <pre> |
30 | 3 | Denis Savitskiy | SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...; |
31 | 3 | Denis Savitskiy | </pre> |
32 | 1 | Patrick Ludikhuyze | |
33 | 1 | Patrick Ludikhuyze | * Create our new autologin token into Redmine DB |
34 | 1 | Patrick Ludikhuyze | Create a SHA-1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b) |
35 | 3 | Denis Savitskiy | <pre> |
36 | 3 | Denis Savitskiy | SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now()); |
37 | 3 | Denis Savitskiy | </pre> |
38 | 1 | Patrick Ludikhuyze | |
39 | 1 | Patrick Ludikhuyze | * Create cookie with autologin token |
40 | 1 | Patrick Ludikhuyze | This will be specific to your App, but here's the syntax for PHP using the SHA-1 generated above, with a validity of 4 hours: |
41 | 3 | Denis Savitskiy | <pre> |
42 | 3 | Denis Savitskiy | setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '.yourdomain.be'); |
43 | 3 | Denis Savitskiy | </pre> |
44 | 1 | Patrick Ludikhuyze | |
45 | 1 | Patrick Ludikhuyze | Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub URI). |
46 | 1 | Patrick Ludikhuyze | |
47 | 1 | Patrick Ludikhuyze | * Sanitise command line to forward URL arguments to Redmine |
48 | 2 | Patrick Ludikhuyze | I also configured the Redmine host name and path (Settings - General) to point at the Redmine menu option in my App. So when Redmine sends e-mails, the click-through URLs go through my App, request the proper login and pass the rest of the URL to Redmine. |
49 | 1 | Patrick Ludikhuyze | That would be site specific but shouldn't be too hard. |
50 | 1 | Patrick Ludikhuyze | |
51 | 1 | Patrick Ludikhuyze | That should do the trick! |
52 | 1 | Patrick Ludikhuyze | |
53 | 1 | Patrick Ludikhuyze | Happy Redmining ;-) |
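
The delete, insert and cookie steps above, combined into one PHP routine as an added example (not code from the original page or from Redmine). It swaps the SHA-1 of a user variable for a random 40-character hex token and sets the Secure and HttpOnly cookie flags; the function names, `$userId`, `$cookieDomain` and a PDO connection whose default database is the Redmine one are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Table and column names follow the page's SQL; the function
// names, $userId and $cookieDomain are assumptions. Requires PHP 7.3+.

/** Replace the user's autologin token in Redmine's tokens table. */
function rotateAutologinToken(PDO $db, int $userId): string
{
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // 40 hex characters, the same shape as the SHA-1 value on the page,
    // but taken from the CSPRNG so it cannot be recomputed from user data.
    $token = bin2hex(random_bytes(20));
    $db->beginTransaction();
    try {
        $db->prepare("DELETE FROM tokens WHERE action = 'autologin' AND user_id = ?")
           ->execute([$userId]);
        // CURRENT_TIMESTAMP is MySQL's synonym for the page's now().
        $db->prepare("INSERT INTO tokens (user_id, action, value, created_on)
                      VALUES (?, 'autologin', ?, CURRENT_TIMESTAMP)")
           ->execute([$userId, $token]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();   // keep the old token if the insert fails
        throw $e;
    }
    return $token;
}

/** Send the cookie Redmine reads; 4 hours of validity, as on the page. */
function sendAutologinCookie(string $token, string $cookieDomain): bool
{
    return setcookie('autologin', $token, [
        'expires'  => time() + 60 * 60 * 4,
        'path'     => '/',
        'domain'   => $cookieDomain,  // e.g. '.yourdomain.be'
        'secure'   => true,           // assumes App and Redmine are on HTTPS
        'httponly' => true,           // not readable from page scripts
        'samesite' => 'Lax',
    ]);
}

// Constructed demo: an in-memory SQLite table stands in for redminedb.tokens.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE tokens (user_id INT, action TEXT, value TEXT, created_on TEXT)');
    rotateAutologinToken($db, 7);
    $latest = rotateAutologinToken($db, 7);
    $stored = $db->query('SELECT value FROM tokens')->fetchAll(PDO::FETCH_COLUMN);
    var_dump($stored === [$latest]);
}
```

With `'secure' => true` the browser only returns the cookie over HTTPS, so a site still served over plain HTTP, as the page's `autologin_cookie_secure: false` setting suggests, would have to set that flag to `false`.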